fix: Update auth app_metadata when deleting users + customers (#9041)

* wip

* more work

* working on stuff

* more

* fix test

* remove incorrect test

* fix test

* fix: Only allow deletion of yourself

* remove redundant tests

packages/medusa/src/api/admin/users/[id]/route.ts

@@ -1,4 +1,7 @@
-import { deleteUsersWorkflow, updateUsersWorkflow } from "@medusajs/core-flows"
+import {
+  removeUserAccountWorkflow,
+  updateUsersWorkflow,
+} from "@medusajs/core-flows"
 import { HttpTypes, UpdateUserDTO } from "@medusajs/types"
 import {
   AuthenticatedMedusaRequest,
@@ -10,8 +13,8 @@ import {
   MedusaError,
   remoteQueryObjectFromString,
 } from "@medusajs/utils"
-import { AdminUpdateUserType } from "../validators"
 import { refetchUser } from "../helpers"
+import { AdminUpdateUserType } from "../validators"
 
 // Get user
 export const GET = async (
@@ -71,10 +74,19 @@ export const DELETE = async (
   res: MedusaResponse<HttpTypes.AdminUserDeleteResponse>
 ) => {
   const { id } = req.params
-  const workflow = deleteUsersWorkflow(req.scope)
+  const { actor_id } = req.auth_context
+
+  if (actor_id !== id) {
+    throw new MedusaError(
+      MedusaError.Types.NOT_ALLOWED,
+      "You are not allowed to delete other users"
+    )
+  }
+
+  const workflow = removeUserAccountWorkflow(req.scope)
 
   await workflow.run({
-    input: { ids: [id] },
+    input: { userId: id },
   })
 
   res.status(200).json({